from the compare-and-contrast dept

The East German secret police, known as the Stasi, were an infamously intrusive secret police force. They amassed dossiers on about one quarter of the population of the country during the Communist regime.

But their spycraft — while incredibly invasive — was also technologically primitive by today's standards. While researching my book Dragnet Nation, I obtained the above hand drawn social network graph and other files from the Stasi Archive in Berlin, where German citizens can see files kept about them and media can access some files, with the names of the people who were monitored removed.

The graphic shows forty-six connections, linking a target to various people (an "aunt," "Operational Case Jentzsch," presumably Bernd Jentzsch, an East German poet who defected to the West in 1976), places ("church"), and meetings ("by post, by phone, meeting in Hungary").

Gary Bruce, an associate professor of history at the University of Waterloo and the author of "The Firm: The Inside Story of the Stasi," helped me decode the graphic and other files. I was surprised at how crude the surveillance was. "Their main surveillance technology was mail, telephone, and informants," Bruce said.

Another file revealed a low-level surveillance operation called an IM-vorgang aimed at recruiting an unnamed target to become an informant. (The names of the targets were redacted; the names of the Stasi agents and informants were not.) In this case, the Stasi watched a rather boring high school student who lived with his mother and sister in a run-of-the-mill apartment. The Stasi obtained a report on him from the principal of his school and from a club where he was a member. But they didn't have much on him — I've seen Facebook profiles with far more information.

A third file documented a surveillance operation known as an OPK, for Operative Personenkontrolle, of a man who was writing oppositional poetry. The Stasi deployed three informants against him but did not steam open his mail or listen to his phone calls. The regime collapsed before the Stasi could do anything further.

I also obtained a file that contained an "observation report," in which Stasi agents recorded the movements of a forty-year-old man for two days — September 28 and 29, 1979. They watched him as he dropped off his laundry, loaded up his car with rolls of wallpaper, and drove a child in a car "obeying the speed limit," stopping for gas and delivering the wallpaper to an apartment building. The Stasi continued to follow the car as a woman drove the child back to Berlin.

The Stasi agent appears to have started following the target at 4:15 p.m. on a Friday evening. At 9:38 p.m., the target went into his apartment and turned out the lights. The agent stayed all night and handed over surveillance to another agent at 7:00 a.m. Saturday morning. That agent appears to have followed the target until 10:00 p.m. From today's perspective, this seems like a lot of work for very little information.

from the just-a-wafer-thin-mint-sir dept

A few years ago we noted how there appeared to be a growing belief among some chefs that taking photographs of their dishes when you're in their restaurants is somehow "taking away their intellectual property." We've discussed a few times about how restaurants are just one of many industries where a lack of copyright protection has actually helped innovation flourish (read: an industry that shows that there can be great creativity without saddling the entire apparatus down with copyright, such as magic or stand up comedy).

While many chefs seem to simply think that foodies and patrons photographing their food is a sign of respect or just begrudgingly tolerate it, others seem to have succumbed to copyright maximalism disease, whereby one believes that you're allowed to "own" things you're clearly not entitled to. Despite the idea being rather groundless, it appears that it has recently caught on among a smattering of chefs overseas:

"Gilles Goujon, from the three-starred L'Auberge du vieux puits in the south of France, has stated in an interview with news website France TV that foodtography is not only poor etiquette but he believes that when his dishes appear online, it takes away "a little bit of my intellectual property". Another chef in La Madelaine-sous-Montreuil has also included a "no camera" policy on his menus for this reason."

While kicking people out of your restaurant is certainly your prerogative (and there certainly are people who are so in love with their smartphone that dining with them is annoying), why would you want to punish paying customers for appreciating your work? The end result would likely hurt your brand long before it managed to protect any personal acumen in your stated craft. Other chefs lament that not only are you stealing their IP, you're doing a really crap job of it because you're probably a bad photographer:

"US chef RJ Cooper, from Rogue 24 in Washington DC, has made similar claims...: "They publish food photos without your consent, which is taking intellectual property away from the restaurant. And also, generally, the photographs are terrible. "If you're publishing something in a public forum without written consent, that's problematic."

That seems about as logical to me as the superstition that taking photographs of an individual leeches away a tiny part of their soul. Just because I take a photo of your meal, does that mean I'm somehow magically also stealing what is probably a complicated recipe? So what you're saying essentially is you "own" the IP of laying several strips of beef just so and dribbling the entire concoction with sauce in a particular way? It's quite a bit of nonsense, and fortunately for patrons, no lawyer appears to have been interested in testing this theory, even if it's starting to seem like only a matter of time before one does.

from the welcome-to-the-not-quite-Internet dept

Overseas there has been a growing push to draw in more Facebook and Google users by making it so select Facebook or Google content doesn't count against your mobile data plan. From the Philippines to Kenya, you can see these efforts exemplified by services like Facebook Zero and Google Free Zone. Facebook Zero, for example, allows you to browse Facebook almost as normal, though you'll be charged normal data rates if you try to download something like photos and video, or in some cases if you travel to any other website.

Now, news has emerged that Facebook is spending $60 million to acquire drone-manufacturer Titan Aerospace. The idea is that Facebook could use these drones to provide fly-over connectivity for lower income nations. While it makes for good headlines whether that ever actually happens is pretty dubious, given there's a long history of mixed results when it comes to providing broadband by aircraft, whether that's via hot air balloon, Santa sleigh or drone. Really, when it's all said and done, it's an effort to grab a larger chunk of potential ad eyeballs under the pageantry of purported altruism.

Here in the States, we haven't experimented with the idea of free gateway access yet much, though companies like T-Mobile prepaid brand GoSmart have hinted at the idea. Speaking at the Mobile World Congress trade show this week in Barcelona, Facebook CEO Mark Zuckerberg stated that he'd really like to see his expanded free ambitions take off further in additional countries:

"Zuckerberg said that Internet.org, which Facebook and other partners announced last year, is designed to create a reliable program to help "on-ramp" those customers to the Internet by offering a free tier of service, much like 911 on the wired telephone network. "We want to create a similar kind of dial tone to the Internet," Zuckerberg said...Facebook's work with wireless carrier Globe in the Philippines has doubled the number of people there accessing the Internet. He said in that program Globe is making access to Facebook free and then charging for access to other sites. In a separate effort in Paraguay, where Facebook is working with operator Tigo, the number of people using data has jumped 50 percent, and the number of people using it daily jumped 70 percent, by offering free access to Facebook."

Usually, these statements are followed by citing a lot of studies about how improved Internet penetration helps developing nations (studies focused on actual Internet access, not Zuckerberg's definition of it). Critics contest these users aren't really being connected to the actual Internet and all that entails. They're being connected to bizarre new walled-garden universes where privacy doesn't exist, connectivity is fractured, and they themselves are the product. Is this helpful if you step back and take a longer view? Folks like Susan Crawford don't seem to think so:

I honestly find myself quite torn between thinking that any connectivity is better than none (it depends entirely on the implementation of the effort), and the idea that we're establishing a painfully-low baseline of expectation in developing countries in terms of what the Internet is supposed to be. How different is what Facebook is doing from AT&T's sponsored data idea when you strip away a few layers, and if people are introduced to the Internet as a fractured, distorted walled garden at their first encounter with it, what does it evolve into for them down the road?

from the urls-we-dig-up dept

Part of the enjoyment of eating is indulging in the sensory experience of food. Whether we like a food depends on the texture, consistency, temperature (both physical and perceived, as in cool mints or hot peppers), smell, taste, and even its appearance. Flavor is primarily determined by our sense of taste and smell, and is often a main deciding factor in whether we like a food. Here are just a few links related to the chemistry of flavors.

from the wave-that-magic-wand dept

We've already reported on how Italy's communications watchdog, AGCOM, has assigned itself the power to censor websites based on a copyright infringement claim from a copyright holder, without any sort of judicial due process. However, it appears that Italy's public prosecutor has decided to go even further and simply order ISPs to censor dozens of websites based solely on his say so that they were sources of infringing materials. No copyright holder made any specific claim about those sites. There doesn't appear to have been any due process, or really any process at all, other than that the public prosecutor decided which sites were "pirate sites," and then handed them off to the "Guardia di Finanza" (the financial police, more or less), a part of Italy's Ministry of Economy and Finance, who went out and ordered ISPs to block access to these sites entirely.

Unfortunately, it looks like this is something of a trend, with law enforcement types suddenly deciding on their own what websites need to be shut down absent any sort of judicial due process. These efforts probably make copyright maximalists happy, but they fly in the face of pretty much all of copyright law. They're almost entirely based on confusing law enforcement types into believing that copyright is just like "property" and thus that it can treat sites that are somehow connected to possible infringement the same as entities that traffic in stolen merchandise. There are, of course, worlds of difference between the two, but copyright maximalists play on the ignorance of law enforcement officials in these settings, playing up the misleading analogy, leading to vast censorship and a near total lack of due process.

from the BS-can-only-take-you-so-far dept

While the assumption was that AT&T's attempted takeover of T-Mobile was shuttered simply because it eliminated a needed competitor from the market, one of the biggest, under-stated reasons was simply AT&T's immense, blistering hubris, forged by decades of being pampered by the government. AT&T didn't just push for the T-Mobile merger, they lied aggressively and at every possible opportunity about the deal's benefits, believing themselves to be impervious to repercussions. They lied in claiming the deal would create 100,000 jobs. They lied about needing to acquire T-Mobile or their network would implode from lack of spectrum. They lied in claiming that eliminating a competitor would somehow magically improve competition.

And they didn't just lie -- AT&T was loud about it. Via lobbyist, consultant, think tanker, and anyone else on the payroll, AT&T lied using every manner of lobbying trick in the book, from paying an army of third party groups to parrot merger support, to running an onslaught of constant full page advertisements repeating the same, easily-disproven lies ad nauseam. At the end of 2011, Cecilia Kang at the Washington Post penned what was essentially an obituary for the AT&T T-Mobile deal, with an overlooked paragraph that explained precisely why the deal became too much for regulators to swallow:

"The letters from third-party groups raised eyebrows at government agencies and on the Hill, where people began wondering why groups with no obvious ties to broadband were writing in. News reports emerged showing that many of the groups had financial ties to AT&T. Then there were the ads that staff members at the FCC said they couldn't avoid when they opened a newspaper, fired up their iPads or watched TV — all touting the merger's ability to put thousands of Americans to work. But who had ever heard of a big company merger creating rather than destroying jobs?"

The Post noted that instead of all this noise and fury helping to get approval, it actually caused regulators to take a closer look at claims where otherwise they wouldn't have. The sheer volume of nonsense coming from AT&T actually worked to amplify media and political pressure where it might not have existed otherwise. The end result was regulators actually doing their jobs and digging into the promises more deeply, only to find AT&T's arguments lacking:

"AT&T's blitzkrieg of ads, which claimed that the promised expansion of broadband would create 100,000 jobs, wasn't helping either. A deal's impact on jobs is not typically part of an evaluation by antitrust officials, but this time regulators thought AT&T's campaign had forced them to take a closer look. They found holes. For one, the company refused to divulge how many jobs it would eliminate in the merger."

"Industry lobbyists familiar with both deals say they observe Comcast approaching this merger in a much quieter, more subtle way than AT&T did. Many of Comcas's lobbyists are staying silent about the deal altogether, and not just around reporters. Even at social gatherings and business functions where it might seem obvious to mention the deal to lawmakers or administration officials as a way of smoothing the way forward, Comcast's lobbyists have, in many instances, made nary a peep about it, according to sources. "The way Comcast is approaching this is very interesting,” said a veteran telecom lobbyist. "Everybody's writing the easy story about how many lobbyists Comcast has, but the way they're lobbying this, they're being very inside baseball, very surgical."

That's not to say Comcast isn't paying a ton of other people to make stupid, loud arguments for them, but they're pretty clearly trying to tone down the rhetoric the public sees as having come from Comcast itself. Comcast's steering clear of unsubstantiated job claims, and seems intent on keeping any promises they do make vague (like arguing the deal is simply "pro consumer"). Will a tiny bit of subtlety let Comcast fly under the regulatory M&A skepticism meter? Maybe. Comcast has proven pretty good at getting regulators to push for meaningless merger conditions (though AT&T was pretty good at that too). I'm going to bet you see deal approval; not because the deal is necessarily good, but primarily because AT&T taught Comcast an important lesson on the limits of bullshit.

from the spy-versus-spy dept

Peter Maass, who I've been fortunate to meet and has had a pretty amazing career as an embedded war journalist, has penned a pretty fantastic read over at Glenn Greenwald's new The Intercept venture. In it, Maass points out that among the ocean of compelling bits buried in the Snowden documents is this strange little fact: the NSA has an advice columnist who routinely provides NSA employees with office politics and interpersonal advice under the pen name "Zelda." Her column, titled "Ask Zelda!," routinely appears for employees with adequate security clearance via the agency's intranet.

Many of the advice columns released via Snowden's document dump deal with perfectly ordinary office politics, like complaints about stealing sodas out of refrigerators, stinky co-workers, or bosses who can't be bothered to respond to e-mails. But Maass points out that one of the more entertaining columns involves complaints by an NSA worker who is concerned about their boss spying on them. In a column signed "Silence in SID," an employee writes in:

"Here's the scenario: when the boss sees co-workers having a quiet conversation, he wants to know what is being said (it's mostly work related). He has his designated “snitches” and expects them to keep him apprised of all the office gossip – even calling them at home and expecting a run-down! This puts the “designees” in a really awkward position; plus, we're all afraid any offhand comment or anything said in confidence might be either repeated or misrepresented."

The tension created by having an overly nosy boss has resulted, the employee claims, in workplace efficiency problems and a growing lack of trust in the establishment:

"We used to be able to joke around a little or talk about our favorite “Idol” contestant to break the tension, but now we're getting more and more skittish about even the most mundane general conversations (“Did you have a good weekend?”). This was once a very open, cooperative group who worked well together. Now we're more suspicious of each other and teamwork is becoming harder. Do you think this was the goal?

Zelda is quite-amusingly shocked by the boss's behavior inside of an agency of spies:

"Wow, that takes “intelligence collection” in a whole new – and inappropriate – direction. …. We work in an Agency of secrets, but this kind of secrecy begets more secrecy and it becomes a downward spiral that destroys teamwork. What if you put an end to all the secrecy by bringing it out in the open?"

So spying over-broadly on people you don't think should be spied upon destroys teamwork, fosters distrust and erodes overall efficiency, huh? Gosh, what if you took that concept and applied it to an entire planet? As Maass notes, at no point while giving advice on spying inside the NSA does Zelda seem to have awareness of the possible lessons that could be applied to spying going on outside the NSA (at least that we get to see):

"Her response to “Silenced in SID” does not acknowledge the irony – or hypocrisy – of an employee at a spy agency complaining about being spied on. But Zelda directly addresses the long-lasting effects of inappropriate surveillance. “Trust is hard to rebuild once it has been broken,” she observes. “Your work center may take time to heal after this deplorable practice is discontinued."

So remember, dear readers: inappropriate surveillance erodes trust, destroys teamwork, damages the overall community, and creates a general downward spiral that's bad for everybody involved. Unless we're doing it to the general public, in which case -- who cares? Now get back to work!

from the fair-use-lives dept

A couple months ago, we had a blog post celebrating the 30th anniversary of the Supreme Court's decision that showed the Sony Betamax was legal, an important ruling that helped clear the field for innovations that could, potentially, be used for infringement, so long as they also had substantial non-infringing uses. Today is the anniversary of another important copyright decision. Twenty years ago today, the Supreme Court made a key ruling in Campbell v. Acuff-Rose, emphasizing that fair use can absolutely still apply for commercial use. That ruling is tremendously important to the history of the internet.

The case, if you don't recall, involved the rap group 2 Live Crew's song "Pretty Woman," which was a take on Roy Orbison's "Oh, Pretty Woman." And while a lower court tossed out the fair use question by saying that it was "presumptively unfair" due to being a commercial parody, the Supreme Court noted that commercial use can still be fair use, and that the "more transformative the new work, the less will be the significance of other factors, like commercialism, that may weigh against a finding of fair use." That is, while commercial use is still a factor in determining fair use, if a work is transformative, whether or not it's a commercial use matters much less. That has very important consequences for all sorts of fair use today, including in television, movies, books and news.

Unfortunately, as Matt Schruers notes above, it's also a ruling that is frequently ignored or forgotten by many who think they understand copyright. The number of times we've had commenters here state that something can't be fair use if it's for commercial use is quite incredible, but at least we can assume those people just don't know. Where it gets especially troubling is when people whose job it is to know and understand this stuff seem to ignore it:

It is odd but true that the significance of commercial fair use is often lost in the copyright conversation. A recent House Judiciary hearing on fair use underrepresented the significance of fair use to business, and just this week I sat through a policy event where a speaker confidently declared U.S. trade policy need not address fair use because fair use deals only with “non-commercial” use — blissfully unaware, it would seem, that a unanimous Court thought otherwise. The most recent numbers available suggest that about 17% of U.S. GDP was produced by industries benefiting from fair use and other exceptions to copyright, and that the same industries (increasingly, high-value services) now lead export growth. As a result, other jurisdictions have realized that U.S. copyright law’s hospitality to basic, essential Internet functions like search is a national competitive advantage.

And this is an issue that is only going to become more important. As more and more things move online, there are ever greater questions about fair use in the context of internet services. The fact that this ruling helped cement the importance of transformative use, and made it clear that commercial use can be fair use, is a key part of why the internet can function today without all sorts of cloud and internet services being sued out of existence.

from the (hic) dept

There has been no shortage of social networking ideas that have come and gone, some being useful, some being silly, and some being downright stupid. But Reddit user MFLUDER recently directed my attention to a new social network app that only lets you enter and participate -- if you're drunk. The LIVR social network and associated app website claims the idea will launch launch sometime this Spring (assuming my gut is wrong about it being a viral hoax). To join, you've got to plug a breathalyzer device into your phone, and if your blood alcohol content is high enough you're allowed to enter. What could possibly go wrong?

The website claims LIVR users get to use a number of features once they've drunkenly stumbled through the virtual door, including getting to play "crowd-sourced truth or dare," maps that will highlight the other drunk nerds in your immediate vicinity, and the ability to randomly drunk dial another LIVR user. The website also promises users a "blackout button" that will erase all of your incoherent and inappropriate tirades at the end of the evening or the next day, giving users what the founders claim is encouragement to just "go nuts" and "be their true self" without worrying that said true self might result in joblessness, divorce, or worse:

"What Happens on LIVR Stays on LIVR
It's 4 AM. You've posted uncensored selfies. Flirted with Drunk Dial. Racked up Truth or Dare points. But you don't want your boss to see. Just hit the Blackout Button and all record of your night is permanently cleared. Relax. Be yourself. Your secret's safe with LIVR."

Right. Except the Internet generally doesn't work that way, and there's really no such thing as privacy online. The potential for abuse seems somewhat high for law enforcement, the NSA, stalkers, and in generally encouraging people to get the highest score when it comes to their BAC. Not that people don't generally do this stuff without the help of an app, but you have to imagine LIVR, if it's even actually real, is going to need some decent lawyers on retainer for the flood of lawsuits headed their way.

"I think some of our best ideas are found at the bottom of a glass," insists Brooklyn-based founders Kyle Addison and Avery Platz in a promotional video for their unlikely-sounding new endeavor:

"LIVR isn't just another tired social network. It's an online party at all times… guaranteed. No baby photos. No puppies. Mom isn't here. Just a global network of similarly buzzed people looking to have a good time."

Yes an endless virtual "party" where half of the people are incoherently arguing over who is the most drunk, and the other half are busy pretending they're drunk by using mouthwash to trick the BAC meter. Who would possibly get tired of that? I still think it's likely a hoax ("Avery Platz," for example, has a strangely-nonexistent digital footprint outside of the LIVR announcement for a Brooklyn developer that likes to drink and talk), but it's still a pretty damn good one.

The kicker came during an afternoon panel discussion, when John DeLong, the National Security Agency's director of compliance, should have been awarded an honorary degree in tongue biting. DeLong sat right next to Carol Rose, executive director of the American Civil Liberties Union of Massachusetts, yet refused to engage when she made pointed comments, like this one: "Everything's being done in secret. But for Edward Snowden, we wouldn't even be having this conversation."

DeLong would look down and away (perhaps there was an interesting piece of metatada on the floor of Wong Auditorium), waiting silently for another panelist to move the discussion away from his agency.

This is nothing new for DeLong. Back in August of last year, he gave the Washington Post permission to quote him "by name and title" after holding a 90-minute interview with the paper, after the White House routed all press queries to him directly. When the paper refused to edit quotes after the government's "internal review" of the interview draft, the administration and the NSA then informed the Washington Post that nothing DeLong said could be used. All of his input was replaced with a bland, prepared statement.

Now, DeLong could have been interested in participating in this discussion, but this previous administration intervention seems to indicate that the NSA and the White House would prefer DeLong keeps his head down and his mouth shut -- at least in cases where it can't push through its own edit of the "discussion."

DeLong wasn't the only government rep uninterested in discussing government surveillance.

Before DeLong's group took the floor, US Commerce Secretary Penny Pritzker made a brief speech in which she barely touched on the subject of privacy, then exited quickly without fielding questions.

Someone seated near me, in one of those fake whispers that's really meant to be heard by a lot of people, summed things up nicely: "No questions? Why have a real discussion, right?"

Snickers rippled a few rows in every direction.

As Borchers points out, there was plenty of discussion about private companies and privacy, but when it came to the biggest "company" of all, the US government, no one had much to say. White House counselor John Podesta somehow even managed to "phone in" his phoned-in statement (Borchers describes Podesta's contribution as "bland remarks") to open the event.

This is the US government's idea of "discussion." Canned statements and floor-gazing. The NSA made this bed and now refuses to lie in it. (Although officials will often lie outside of it -- ho, ho! *coughJamesClapper*) The administration plays along, making small gestures but refusing to consider making any substantial statements or changes. The Office of the Director of National Intelligence continues to pass out redacted documents with implied transparency, glossing over the fact that every document release so far has been compelled by an FOIA lawsuit.

This isn't a discussion. This is low murmurs and unintelligible mumbling being passed off as a "discussion" in hopes this new era of faux-openness will soon blow over and allow everyone involved to return to the opacity and darkness they've become accustomed to operating in.

from the eye-spy dept

Recently, we've covered a series of stories centered around license plate scanners and the way such information is stored. Despite the protests of the ACLU, local law enforcement agencies have widely deployed the technology and there have also been requests from federal agencies to build a central database of information based on plate scans. If the latest reports are to be believed, however, these would simply be attempts to nationalize an endeavor that has already been undertaken by private industry.

While public debate about the license reading technology has centered on how police should use it, business has eagerly adopted the $10,000 to $17,000 scanners with remarkably few limits. At least 10 repossession companies in Massachusetts say they mount the scanners on spotter cars or tow trucks, and Digital Recognition Network of Fort Worth, Texas, claims to collect plate scans of 40 percent of all US vehicles annually.

And that's just one company. The article goes on to note that there are other groups in the data brokerage business that otherwise claim to collect a large majority of US vehicles every year. Those groups freely admit to providing those scan databases to a variety of third parties.

The main commercial use of license plate scanners ­remains the auto finance and auto repossession industries, two professions that work closely together to track down people who default on their loans. Digital Recognition lists Bank of America Corp., JPMorgan Chase & Co., HSBC Holdings, and Citibank among its clients, while MVTRAC boasts that it serves 70 percent of the auto finance industry.

Digital Recognition already provides its entire data pool to more than 3,000 law enforcement agencies nationwide, free of charge for most searches. The Massachusetts State Police is a registered subscriber, as are the Boston, Cambridge, Somerville, Brookline, and Quincy ­police departments. Even ­Boston College and Brandeis police have access to the firm’s entire scan database.

Now, in response to the privacy concerns raised by activists, what the data brokers and repo folks will tell you is that these scans typically occur in public places. That's not always true, since the repo trucks often will enter private property, such as the parking lot of an apartment or condo complex, but their point is that there is no expectation of privacy in an area that's in plain sight. They'll also tell you that these are just license plate scans, not detailed personal information about anyone in particular.

But that's bullshit, of course. It ignores the practical application of the scan database, as well as to whom that information is being sold. Banks, PIs, and creditors can all scrub this raw data against available DMV and governmental information, while law enforcement agencies both local and federal can build up a database that tracks the movement of any scanned vehicle and the citizens associated with it. If we could get Thomas Jefferson on the horn and ask him what he thought of all this, I'd argue that he'd be spending too much time picking his own jaw up off the floor to give us a proper response.

“Right now, it's the wild West in terms of how companies can collect, process, and sell this kind of data,” says Kade Crockford of the American Civil Liberties Union of Massachusetts. “The best legal minds, best public policy thinkers, and ordinary people whose lives are affected need to sit down and think of meaningful ways we can regulate it.”

Which is exactly what some legislators in Massachusetts are attempting to do with legislation, but it isn't the first time crafting this kind of law has been tried. All previous attempts have been torpedoed by the data broker industry, including one case in Utah, where Digital Recognition sued the state for its ban on plate scanners as a first amendment violation. That seems to stretch the definition a bit too far.

So, if you own a car, a private company that deals for free with law enforcement agencies knows who you are, where you've been, and where you spend most of your time. And, without additional legislation, they do so without the checks and balances that would be insisted upon were the LEOs doing the scanning themselves. This must be what they mean when they say that private industry will always outpace government.

"There's an enormous amount of data held in the private sector," Mr. Inglis said, in his first published interview since leaving government. "There might be some concerns not just on the part of the American public, but the international public."

[....]
"These companies at least have a public relations issue, if not a moral obligation, to really make sure you understand that this is to your benefit," Mr. Inglis said. "As an individual, myself, I continue to be surprised by the kinds of insights companies have about me."

Now, first off, he's right. Companies collecting tons of data on their users should absolutely be a hell of a lot more transparent about what they're collecting (and should give more controls allowing people to opt-out of certain collections). However, it seems quite rich to hear that coming from someone at the NSA, perhaps the least transparent organization ever -- and one that worked hard to make sure that the tech industry was completely barred from being transparent about what sorts of data the NSA gets from them.

To try to spin that as an issue for the tech companies is just silly. As plenty of people have pointed out over and over again, your use of a tech company's services is voluntary. You can avoid it if you don't like it. And, yes, while more information and user controls would be helpful, in the few instances where there have been data leaks, or when it has become clear what kinds of info companies collect, most people have actually been totally fine with it. That's quite different from the NSA. With a company, people may be trading information for a service which they value -- and they're making the choice that the tradeoffs are worth it. That's not true with the NSA. It's not by choice and there's no tradeoff.

No matter what, the idea that Chris Inglis is suddenly the spokesperson for transparency is simply ridiculous.

from the crash-the-gatekeepers dept

For years, HBO and Time Warner have refused to give people what they want and offer a standalone streaming video service, because they're afraid of shaking up their cozy, promotion-heavy relationship with the cable industry. Instead, HBO's Go streaming service has been made available on desktops and a growing number of devices, TVs, set tops and game consoles -- provided you log in with your traditional cable subscriber information. It's a half-measure, and availability to this day remains a little fractured.

Case in point: Sony this week finally made HBO Go available on the Playstation 3 (despite HBO Go launching in early 2010), but not the new Playstation 4. The new Playstation 3 version works for most cable operators in the country -- except for users on Comcast. Why not? Comcast doesn't really give an answer other than to say the massive (and soon to get much larger) company only has so many people available to ensure TV Everywhere authentication works on new devices:

"With every new website, device or player we authenticate, we need to work through technical integration and customer service which takes time and resources. Moving forward, we will continue to prioritize as we partner with various players."

Which might almost sound like a reasonable explanation -- until you realize that HBO Go on Roku hasn't worked for Comcast users since 2011, despite Roku being one of the most prominent Internet streaming devices available. Apparently, it's a matter of priorities? Comcast's argument for being allowed to acquire companies is always that these acquisitions make them bigger and more efficient. So apparently, getting simple TV authentication to work takes Comcast years longer than every other pay TV operator because Comcast is simply too big, efficient and fantastic?

Now, Playstation 3 users have joined the Roku user chorus, asking Comcast in their official forums why they can't use HBO Go, and are being greeted by the same silence Roku owners have enjoyed for years. I'm not sure you can get away with calling this a net neutrality violation (I think the term is mutated to the point of uselessness anyway), given HBO Go on Roku will work if you have Comcast broadband -- but get HBO from another pay TV provider like Dish. Still, it's fairly curious how Comcast's own Internet video and on-demand offerings (which include HBO content) tend to take priority.

The problem illustrates once again how the TV Industry's "TV Everywhere" mindset fails because it winds up taking value away from the user, not delivering it. It's also another shining example of how HBO should shake off its fears, embrace innovation, leapfrog the gatekeepers and release the standalone Internet streaming app everyone has been clamoring for.

from the good-luck-with-that dept

Earlier this week, we wrote about the accusations that the CIA was spying on Senate staffers on the Senate Intelligence Committee as they were working on a massive $40 million, 6,300-page report condemning the CIA's torture program. The DOJ is apparently already investigating if the CIA violated computer hacking laws in spying on the Senate Intelligence Committee computers. The issue revolved around a draft of an internal review by the CIA, which apparently corroborates many of the Senate report's findings -- but which the CIA did not hand over to the Senate. This internal report not only supports the Senate report's findings, but also shows that the CIA has been lying in response to questions about the terror program.

In response to all of this, it appears that the CIA is attempting, weakly, to spin this as being the Senate staffers' fault, arguing that the real breach was the fact that the Senate staffers somehow broke the rules in obtaining that internal review. CIA boss John Brennan's statement hints at the fact that he thinks the real problem was with the way the staffers acted, suggesting that an investigation would fault "the legislative" branch (the Senate) rather than the executive (the CIA).

In his statement on Wednesday Brennan hit back in unusually strong terms. “I am deeply dismayed that some members of the Senate have decided to make spurious allegations about CIA actions that are wholly unsupported by the facts,” Brennan said.

“I am very confident that the appropriate authorities reviewing this matter will determine where wrongdoing, if any, occurred in either the executive branch or legislative branch,” Brennan continued, raising a suggestion that the Senate committee itself might have acted improperly.

A further report detailed what he's talking about. Reporters at McClatchy have revealed that the Senate staffers working on this came across the document, printed it out, and simply walked out of the CIA and over to the Senate with it, and the CIA is furious about that. Then, in a moment of pure stupidity, the CIA appears to have confronted the Senate Intelligence Committee about all of this... directly revealing that they were spying on the Committee staffers.

Several months after the CIA submitted its official response to the committee report, aides discovered in the database of top-secret documents at CIA headquarters a draft of an internal review ordered by former CIA Director Leon Panetta of the materials released to the panel, said the knowledgeable person.

They determined that it showed that the CIA leadership disputed report findings that they knew were corroborated by the so-called Panetta review, said the knowledgeable person.

The aides printed the material, walked out of CIA headquarters with it and took it to Capitol Hill, said the knowledgeable person.

“All this goes back to what is the technical structure here,” said the U.S. official who confirmed the unauthorized removal. “If I was a Senate staffer and I was given access to documents on the system, I would have a laptop that’s cleared. I would be allowed to look at these documents. But with these sorts of things, there’s generally an agreement that you can’t download or take them.”

The CIA discovered the security breach and brought it to the committee’s attention in January, leading to a determination that the agency recorded the staffers’ use of the computers in the high-security research room, and then confirmed the breach by reviewing the usage data, said the knowledgeable person.

There are many more details in the McClatchy report, which I highly recommend reading. And, yes, perhaps there's an argument that Senate staffers weren't supposed to take such documents, but the CIA trying to spin this by saying it was those staffers who were engaged in "wrongdoing" is almost certainly going to fall flat with Congress. After all, the intelligence committee is charged with oversight of the CIA, not the other way around. "You stole the documents we were hiding from you which proved we were lying, so we spied on you to find out how you did that" is not, exactly, the kind of argument that too many people are going to find compelling.

Of course, the CIA may still have one advantage on its side: there are still some in Congress who are so supportive of the intelligence community itself that even they will make excuses for the CIA spying on their own staff. At least that seems to be the response from Senate Intelligence vice chair Senator Saxby Chambliss, one of the most ardent defenders of the intelligence community he's supposed to be watching over. When asked about all of this, he seemed to be a lot more concerned about the staffers supposedly taking "classified" documents than about the CIA spying on those staffers:

“I have no comment. You should talk to those folks that are giving away classified information and get their opinion,” Intelligence Committee Vice Chairman Saxby Chambliss (R-Ga.) said when asked about the alleged intrusions.

from the impressive,-as-ever dept

A few weeks back, we reported that the European Parliament's Civil Liberties, Justice and Home Affairs (LIBE) committee planned to send some questions to Edward Snowden as part of its inquiry on electronic mass surveillance of EU citizens. He's now replied to these, prefacing them with a short statement (pdf -- embedded below.) Although there are no major revelations -- he specifically states that he will not be disclosing anything not already published -- it does contain many important clarifications and interesting comments. For example, he confirms that:

The NSA granted me the authority to monitor communications world-wide using its mass surveillance systems, including within the United States. I have personally targeted individuals using these systems under both the President of the United States' Executive Order 12333 and the US Congress' FAA 702. I know the good and the bad of these systems, and what they can and cannot do, and I am telling you that without getting out of my chair, I could have read the private communications of any member of this [LIBE] committee, as well as any ordinary citizen. I swear under penalty of perjury that this is true

Before moving on to the parliamentarian's questions, he concludes his opening statement as follows:

For the record, I also repeat my willingness to provide testimony to the United States Congress, should they decide to consider the issue of unconstitutional mass surveillance.

The first question from the MEPs on the committee concerns the extent of the cooperation between the NSA and EU member states. Snowden's answer includes some new background information on what's been going on here:

One of the foremost activities of the NSA's FAD, or Foreign Affairs Division, is to pressure or incentivize EU member states to change their laws to enable mass surveillance. Lawyers from the NSA, as well as the UK's GCHQ, work very hard to search for loopholes in laws and constitutional protections that they can use to justify indiscriminate, dragnet surveillance operations that were at best unwittingly authorized by lawmakers. These efforts to interpret new
powers out of vague laws is an intentional strategy to avoid public opposition and lawmakers' insistence that legal limits be respected, effects the GCHQ internally described in its own documents as "damaging public debate."

That makes a mockery of the UK government's insistence that GCHQ's actions were always "within the law": that's only true to the extent that the agency happily exploited to the maximum loopholes its lawyers have spotted in the already weak UK legislation covering this area. In terms of the spying programs, Snowden hints that there's much more to come, and underlines that revealing them is now a matter for journalists, not for him:

There are many other undisclosed programs that would impact EU citizens' rights, but I will leave the public interest determinations as to which of these may be safely disclosed to responsible journalists in coordination with government stakeholders.

Another question probed the options for raising concerns about spying programs, and asked him whether he thought he had exhausted them before deciding to leak the documents himself. He explained that he had reported programs that seemed problematic to "more than ten distinct officials, none of whom took any action to address them." So much for the idea that he didn't try hard enough to use official channels before taking more drastic action.
On the question of what the European Parliament could do to help him, Snowden's answer is characteristically self-effacing:

If you want to help me, help me by helping everyone: declare that the indiscriminate, bulk collection of private data by governments is a violation of our rights and must end. What happens to me as a person is less important than what happens to our common rights.

But he then goes on to say:

As for asylum, I do seek EU asylum, but I have yet to receive a positive response to the requests I sent to various EU member states. Parliamentarians in the national governments have told me that the US, and I quote, "will not allow" EU partners to offer political asylum to me, which is why the previous resolution on asylum ran into such mysterious opposition. I would welcome any offer of safe passage or permanent asylum, but I recognize that would require an act of extraordinary political courage.

Sadly, it seems unlikely that political courage will be forthcoming given the extremely weak responses from European governments to the spying leaks. Snowden was also asked about economic espionage:

global surveillance capabilities are being used on a daily basis for the purpose of economic espionage. That a major goal of the US Intelligence
Community is to produce economic intelligence is the worst kept secret in Washington.

In this context he makes an astute observation:

Recently, governments have shifted their talking points from claiming they only use mass surveillance for "national security" purposes to the more nebulous "valid foreign intelligence purposes." I suggest this committee consider that this rhetorical shift is a tacit acknowledgment by governments that they recognize they have crossed beyond the boundaries of justifiable activities..

He also elaborates on an early comment that encryption, done properly, does offer a measure of protection against the kind of surveillance programs he has revealed:

The good news is that there are solutions. The weakness of mass surveillance is that it can very easily be made much more expensive through changes in technical standards: pervasive, end-to-end encryption can quickly make indiscriminate surveillance impossible on a cost-effective basis. The result is that governments are likely to fall back to traditional, targeted surveillance founded upon an individualized suspicion.

In other words, encryption brings a double benefit. It helps preserve people's privacy and freedom, and thanks to the high costs of breaking properly-encrypted communications, it encourages governments to move back to the older, more targetted kind of spying that Snowden himself calls "above reproach". Finally, he was asked some more hostile questions from the right-leaning members of the committee, including whether the Russian secret service had approached him:

Of course. Even the secret service of Andorra would have approached me, if they had had the chance: that's their job.

But I didn't take any documents with me from Hong Kong, and while I'm sure they were disappointed, it doesn't take long for an intelligence service to realize when they're out of luck. I was also accompanied at all times by an utterly fearless journalist [WikiLeaks' Sarah Harrison] with one of the biggest megaphones in the world, which is the equivalent of Kryptonite for spies. As a consequence, we spent the next 40 days trapped in an airport instead of sleeping on piles of money while waiting for the next parade. But we walked out with heads held high.

As that hints, it's an eloquent and important document that is worth reading in its entirety. It not only adds useful details to many of the facts that have been published earlier, but also underlines the consistently rigorous and moral approach that Snowden has taken from the beginning.

from the let's-get-this-going... dept

Almost exactly two years ago, we wrote about the tacocopter, a sort of proof of concept idea for using drones to deliver products to people's homes. Yes, Amazon got some attention last year for claiming to be working on something similar, but the Tacocopter (and Lobstercopter on the east coast) idea was the first I'd heard of anyone seriously thinking about commercial-use drones. However, the key point of our Tacocopter story was that they were illegal:

Current U.S. FAA regulations prevent ... using UAVs [Unmanned Aerial Vehicles, like drones] for commercial purposes at the moment.

Well, that's no longer the case apparently. National Transportation Safety Board (NTSB) administrative law judge Patrick Geraghty has unleashed the tacocopters of the world by issuing a ruling that the FAA has no mandate to regulate commercial drones. The case involved the first time that the FAA had actually tried to fine someone, a guy named Raphael Pirker, $10,000 for trying to film a commercial with a drone at the University of Virginia.

The issue, basically, is that the FAA has historically exempted model airplanes from its rules, and the NTSB finds it impossible to square that with its attempt to now claim that drones are under its purview. As Geraghty notes, accepting that leads to absurd arguments about the FAA's mandate over all flying objects:

Complainant has, historically, in their policy notices, modified the term "aircraft" by prefixing the word "model", to distinguish the device/contrivance being considered. By affixing the word "model" to "aircraft" the reasonable inference is that Complainant FAA intended to distinguish and exclude model aircraft from either or both of the aforesaid definitions of "aircraft".

To accept Complainant's interpretive argument would lead to a conclusion that those definitions include as an aircraft all types of devices/contrivances intended for, or used for, flight in the air. The extension of that conclusion would then result in the risible argument that a flight in the air of, e.g., a paper aircraft, or a toy balsa wood glider, could subject the "operator" to the regulatory provisions of FAA Part 91, Section 91.13(a)....

..... The reasonable inference is not that FAA has overlooked the requirements, but, rather that FAA has distinguished model aircraft as a class excluded from the regulatory and statutory definitions.

The judge notes that while the FAA had some internal memorandum about these issues, it did not put forth a full rule, and thus it is not an actual policy. As a result, the ruling finds that the current definition of aircraft is not applicable here and thus the FAA has no real mandate over this kind of drone.

This does not preclude the FAA from trying to go through a full rule-making process to try to gain a mandate over commercial drone use, but that will involve a big political fight. It's way easier to block something like that from becoming official than overturning it if it was already deemed the law.

from the what-could-possibly-go-wrong? dept

One of the key themes to emerge in the debate about surveillance is the oversight of the agencies involved, and to what extent it is effective. In the US, that has been put into stark relief by news that the committee that is supposed to keep an eye on the spies was itself spied upon. And now over in the UK, we learn that things are just as bad when it comes to the equivalent oversight body, the Investigatory Powers Tribunal (IPT). Its powers sound impressive:

The Tribunal can investigate complaints about any alleged conduct by, or on behalf of, the Intelligence Services - the Security Service (sometimes called MI5), the Secret Intelligence Service (sometimes called MI6) and GCHQ (Government Communications Headquarters).

The scope of conduct the IPT can investigate concerning the Intelligence Agencies is much broader than it is with regard to the other public authorities. The IPT is the only Tribunal to whom complaints about the Intelligence Services can be directed

A controversial court that claims to be completely independent of the British government is secretly operating from a base within the Home Office, the Guardian has learned.

The Investigatory Powers Tribunal, which investigates complaints about the country's intelligence agencies, is also funded by the Home Office, and its staff includes at least one person believed to be a Home Office official previously engaged in intelligence-related work.

It gets worse:

the IPT will not say whether GCHQ had disclosed the existence of its bulk surveillance operations, which attempt to capture the digital communications of everybody -- including those people who complain to the tribunal.

Nor will it disclose whether it has issued any secret ruling on the lawfulness of those operations, on the grounds that the rules under which it operates stipulate that it cannot do so without the permission of GCHQ itself. It has not sought that permission on grounds it knows it would not be given.

So the body tasked with overseeing GCHQ has to get GCHQ's permission before it can reveal any wrongdoing by GCHQ, which it doesn't bother doing when it knows it would be refused. Isn't oversight a wonderful thing?